Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-15384

Publication date:
09/06/2021
Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation discloses internal server information in the initial login response header.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2021

CVE-2020-15380

Publication date:
09/06/2021
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2021

CVE-2020-15383

Publication date:
09/06/2021
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory, leading to denial of service impacts, possibly including a switch panic.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-29995

Publication date:
09/06/2021
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
Severity CVSS v4.0: Pending analysis
Last modification:
25/05/2022

CVE-2021-30133

Publication date:
09/06/2021
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2021

CVE-2020-27384

Publication date:
09/06/2021
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full Control) for the 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2021

CVE-2021-23847

Publication date:
09/06/2021
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2021-23853

Publication date:
09/06/2021
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2021

CVE-2020-15382

Publication date:
09/06/2021
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2021

CVE-2021-23854

Publication date:
09/06/2021
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2021

CVE-2021-23852

Publication date:
09/06/2021
An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2021

CVE-2021-23848

Publication date:
09/06/2021
An error in the URL handler of Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2021